How Will SEC Rules Affect Reporting, Tracking of Incidents?
TrustedSec's Alex Hamerstone on New US Securities and Exchange Commission Rules
Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.
"One of the challenges is really understanding what's going on with your networks and having this information available," Hamerstone said. To disclose cybersecurity incidents, organizations "need to have logging and monitoring capabilities in place to understand when these things are happening." Companies also need a communication plan - "something that gets missed a lot," he added.
In this video interview with Information Security Media Group, Hamerstone discussed:
- How the new SEC rules might affect the accuracy of incident disclosures;
- Challenges that companies may face in meeting the new disclosure requirements;
- How the regulations might influence companies' cybersecurity strategies and risk management practices.
Hamerstone has over a decade and a half of information security consulting experience. Known as a passionate advocate for TrustedSec clients as well as the security industry, he uses his consulting experience to partner with organizations of all sizes in all verticals to perform assessments, audits and security program development.